Gentoo Security Advisory GLSA 200404-13 (cvs) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200404-13.

Solution

All CVS users should upgrade to the latest stable version. # emerge sync # emerge -pv '>=dev-util/cvs-1.11.15' # emerge '>=dev-util/cvs-1.11.15' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200404-13 http://bugs.gentoo.org/show_bug.cgi?id=47800 http://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.92&content-type=text/x-cvsweb-markup

Insight

There are two vulnerabilities in CVS one in the server and one in the client. These vulnerabilities allow the reading and writing of arbitrary files on both client and server.

Severity

Classification

CVE CVE-2004-0180, CVE-2004-0405
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200405-01 (neon)
Gentoo Security Advisory GLSA 200312-08 (cvs)
Gentoo Security Advisory GLSA 200407-10 (rsync)
Gentoo Security Advisory GLSA 200404-09 (heimdal)
Gentoo Security Advisory GLSA 200312-07 (lftp)

Take action and discover your vulnerabilities